Hi there, I noticed the pam_ldap.conf principal truncating bug still persists in the latest .4 revision.
I am using openLDAP for authentication to the thinclients (no active directory). You can also re-produce this with a standard openLDAP configuration. set Secondary Server to: ldap://myldapserver.com:389/dc=domain,dc=com set Principal to: cn=Manager,dc=domain,dc=com set Password : (secret) change Primary to Secondary Server for authentication select Read Users data (you can also reproduce with Read User and Group data seletion) Save. Restart a thinclient (im using vmware for testing), on login screen using openLDAP credentials returns Authorization Failed. Ctrl+Alt+F1 and login with root:foobar vi /etc/pam_ldap.conf locate the principal line where it only shows the first "cn' of the "cn=Manager,dc=domain,dc=com" principal = cn I can only assume the script (not sure which script does this) truncates the text when it finds non-alpha-numeric character. I haven't used Active directory before, but judging by the screenshot explanations on the site, this principal normally keyed in as [email protected] perhaps the script attempts to parse non-alpha numeric character @ and somehow fails. For this reason, i can't authenticate towards openLDAP server (unless i fall to root and manually change the pam_ldap.conf everytime i restart the thinclient). This also brings me to the point (as i wrote in earlier articles but i believe its misunderstood due to my poor english), when Secondary Directory authenticatin selected with Read Users and Groups option; Does the Manager UI shows the LDAP users and groups by reading them from the openLDAP server? At the moment, i only see local users and groups. However if Secondary Users and Groups become visible in the Manager UI when secondary-directory-authentication selected, it will be uber cool since thats what I was looking for from day one. Would appreciate if you can provide a clarification and hopefully a fix for this at soonest. Off-topic: the boot-loading of version .4 seems to be problematic. I downloaded on a xp system and extracted under openthinclient4 folder and ran start-server.bat from command line. I have another folder 'openthinclient" which contains .3.1. I stopped the 3.1 completely along with the manager and cd to openthinclent4 folder and run start-server.bat and it keep giving NFS halt errors infinitely. Again would like to clarify that im running this from command line, not installed as service. After a restart, i tried again and this time the errors were less frequent but the test vmware thinclient stuck at the initrd. stage There were no errors generated on the debug console of openthinclient server (tftp sending successsfully) beside usual outputs. Today, i installed version .4 into ubuntu dapper system, first attempt booted ok. After restart of thinclient, it stop to "boot:" console after the initrd.... I didnt pay attention until it didnt proceed I pressed ENTER key at "boot:" and it continue booting. In xp system, i checked documents settings/user/application/.openthinclient folder to see if there is anything left from .3 revision that might create this mess but noticed the folders were empty. So something is definitely fishy in NFS and/or loading stage with revision .4 (judging by experience). looking forward to hear the good news. All the best! -- View this message in context: http://www.nabble.com/pam_ldap.conf-principal-truncating-tp21734668p21734668.html Sent from the openthinclient.org users' mailing list mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ The Open Source Thin Client Solution http://openthinclient.org [email protected] https://lists.sourceforge.net/lists/listinfo/openthinclient-user
